Virus Attacks AMD Processors
Symantec security researchers made the discovery of a previously unknown
virus variant, known as 'proof-of-concept' capable of attacking processors
AMD instead of the actual computer systems.
The worm can be of two types and targets AMD processors of 32-bit and
64-bit. The organization uses the reference to online threats like w64.
bounds and w32.bounds. Due to the involvement of proof of concept code,
both viruses have been declared to be low-level threats.
On execution of w32. bounds or w64. bounds, all suitable files for
execution in the current directories as well as all subdirectories are
infected. The file extension makes no difference. It passes through
authentication applications while it simultaneously proliferates the
entire computer. The entry point obscuring is of a new variety with an
entry hooked in the Import Table and referenced by the Bound Import Table.
As they are easy to create and propagate, there is a prevalence of viruses
aimed straight at the more commonly used systems like Windows. This makes
it different from the ones that are designed specifically for chip
architecture of a certain kind, aiming for flaws in a CPU. Consequently
their occurrence is not very frequent.
At this stage the code may be harmless but the virus is capable of
initiating creation of malware that damages computers irrespective of the
operating system they operate on.
The major disadvantage is different processors speaking in seemingly
different operating code (opcode) languages. In typical cases going down
to the opcode level is futile as the variants are too numerous with the
result that you could end up working on not many machines.
Furthermore, should it land up with malicious virus writers, the
surreptitious virus that would result would be very hard to find for
eradication. It conceals itself in existing executable files and while
running, is capable of taking complete control of a system.
Currently chip level threats are not common. It is easier to design
viruses that target operating systems and the market preference for
Windows operating system ensures opportunities galore for virus writers.
The advice from Symantec Security to all users and administrators is to
adhere to the basic security practices to ensure protection for their
system from the new virus attack.
Related article: Virus Infects Through USB Drives
» SPAMfighter News - 9/6/2006